Total
11965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0844 | 1 Mit | 2 Kerberos, Kerberos 5 | 2020-01-21 | 5.8 MEDIUM | N/A |
| The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. | |||||
| CVE-2008-0947 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 10.0 HIGH | N/A |
| Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. | |||||
| CVE-2007-5972 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 9.0 HIGH | N/A |
| Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key. | |||||
| CVE-2007-4743 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 10.0 HIGH | N/A |
| The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. | |||||
| CVE-2008-0948 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 9.3 HIGH | N/A |
| Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. | |||||
| CVE-2018-0721 | 1 Qnap | 1 Qts | 2020-01-16 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. | |||||
| CVE-2017-1000376 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Enterprise Virtualization Server and 1 more | 2020-01-15 | 6.9 MEDIUM | 7.0 HIGH |
| libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. | |||||
| CVE-2013-4532 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-01-15 | 4.6 MEDIUM | 7.8 HIGH |
| Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | |||||
| CVE-2017-11571 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2017-11574 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2019-15785 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. | |||||
| CVE-2017-11576 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file. | |||||
| CVE-2018-5732 | 1 Isc | 1 Dhcp | 2020-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0 | |||||
| CVE-2017-14165 | 1 Graphicsmagick | 1 Graphicsmagick | 2020-01-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. | |||||
| CVE-2018-4386 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2020-01-08 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | |||||
| CVE-2013-5571 | 1 Hmailserver | 1 Hmailserver | 2020-01-08 | 2.6 LOW | 5.9 MEDIUM |
| HMailServer 5.3.x and prior: Memory Corruption which could cause DOS | |||||
| CVE-2014-6273 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL. | |||||
| CVE-2019-18236 | 1 We-con | 1 Plc Editor | 2020-01-03 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.5_20190129 processes project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | |||||
| CVE-2019-14608 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2020-01-02 | 4.6 MEDIUM | 7.8 HIGH |
| Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2016-4054 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2019-12-27 | 6.8 MEDIUM | 8.1 HIGH |
| Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. | |||||